Shadow IT generally manifests itself in two forms. The first usually is a project being funded by a line of business within the organization that no one saw fit to tell IT about. The good news is that once these projects start trying to access corporate data, it’s not too long before cybersecurity teams get a heads up that something rogue is afoot.
The second type of shadow IT activity is more insidious in that it typically involves personal devices that get connected to the network. The challenge many IT teams face is no one knows when or how these devices might suddenly start accessing corporate data via an untrusted network. In an ideal world, most IT organizations would prefer to be able to have total control over what type of endpoints get to connect to a corporate network. The trouble is end users tend to rebel against totalitarian IT edicts. In fact, the more senior the end user is the more problematic things can be. Just ask all the folks in charge of cybersecurity in the current administration how difficult executives can be.
The root of the problem, however, is not the willfulness of the end users. The simple fact is IT organizations don’t have a great track record when it comes to selecting end point devices that end users actually want to use. A survey of 1,000 IT professionals conducted by Entrust Datacard, a provider of identity management tools, indicated most IT employees know this. The survey finds IT staffs overwhelmingly agree employees in their organizations are more productive (97%), engaged (96%), and loyal to the company (93%) when they’re allowed to use their preferred technologies at work.A new survey suggests that when it comes to shadow IT the internal IT department may be its own worst enemy. Find out why. #shadowITClick To Tweet
Challenges that lead to shadow IT
The survey also suggests that when it comes to shadow IT the internal IT department may be its own worst enemy. About half of the IT employees (46%) concede that poor technology request processes cause moderate to severe conflict between IT and other departments in their organizations. Only 12% said their IT department follows up on all requests for new technologies from employees. Another 40% says they only follow up half the time. Given that lack of engagement, it should come as no surprise to see end users, in the name of productivity, doing an end run around IT department every chance they get.
To make matters more challenging, well over a third (37%) for the IT professionals surveyed admit their organization does not have clearly outlined consequences when employees bring on new technologies without IT approval. Only 40% of the IT professionals surveyed said a second offense would lead to termination.Half of IT employees say that poor technology request processes cause conflict between IT and other departments #shadowITClick To Tweet
How to combat shadow IT
Naturally, the issue when personal devices are employed is they are not especially secure. Data breaches can take months to discover, a situation that can only be aggravated further when the device in question doesn’t belong to the organization that has been breached.
As any benevolent dictator knows, the secret to maintaining control is to eliminate the desire to rebel in the first place. The best way to combat shadow IT is to regularly include end users in the technology selection process. If end users are included, the temptation to rebel against a policy they helped craft is not only lessened; they also generally become less inclined to view internal IT teams as the enemy. As most cybersecurity professionals already know, you can’t manage, much less secure, something you can’t see. The challenge and opportunity IT teams have today is finding a way to strike a balance between cybersecurity and productivity that end users will enthusiastically embrace.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.